JP4020197B2 - Efficient packet encryption method - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
(Field of Invention)
The present invention relates to a telecommunications transmission, and in particular to a packet encryption method that is efficient in computing on a stream of packets that are lost and / or delivered out of order during the transmission.
[0002]
[Prior art]
(problem)
In the field of packet transmission, packet encryption that increases encryption security and prevents transmitted devices from intercepting and decrypting transmitted packets, while not increasing the processing time to encrypt and decrypt plaintext It is a problem to provide a conversion method. A second problem in the field of packet transmission is to provide a packet encryption method that reassembles a sequence of packets at the destination, while the receiver does not require excessive time to decrypt and reassemble the packet stream. is there. A third problem is to synchronize the decoding of received packets in the presence of lost or out-of-order packets.
[0003]
In both wired and wireless packet switching, plaintext packets are sent from the source to the destination over the network. Packets are assembled and reassembled into plaintext individual packets by the packet assembler / disassembler. Each packet has a uniquely determined identification number, or sequence number, and each packet includes three basic elements: a header, a payload, and optionally a trailer. The header includes control information such as a sequence number, a synchronization bit, a destination address, a source address, and a packet length. The payload is the plaintext to be transmitted and the trailer includes the end of the packet flag and error detection and error correction bits.
[0004]
For transmission over a packet switched network, the media stream is broken down into “packets”. Each packet travels through the network through an available node to a destination, and is transmitted from node to node as bandwidth becomes available for transmission. At the destination node, an attempt is made to break up the packet into the original continuous stream. Since packets travel through the next consecutive encrypted byte E in the network S vector following a different route, they often arrive out of order at the destination. Other packets can be lost in the network. Further processing time is required at the destination in order to request re-transmission of lost packets and / or packets received out of order and to break up the packets into the original contiguous message.
[0005]
In the field of packet transmission, two encryption methods are commonly used, namely RC4 and WEP (Wired Equivalence Privacy). RC4 is an encryption method supported by CDPD (Cellular Digital Packet Data), and WEP is an encryption method supported by the IEEE 802.11 standard. The Institute of Electrical and Electronics Engineers (IEEE) is an organization responsible for standardization of many telecommunication and computing processes, including those used in local area networks (LANs) and the 802 series standards. IEEE 802 part 11b (802.11b) is usually used for radio that is becoming more and more common in LAN construction.
[0006]
WEP and RC4 are “stream-type” ciphers, which generate random encrypted byte character strings at the source, all of which are logically ORed with plaintext bytes to form a ciphertext. Conversely, the ciphertext can be exclusive-ORed with the same encrypted stream, and the plaintext is restored at the destination.
[0007]
[Problems to be solved by the invention]
(RC4 encryption method)
RC4 operates from start to finish as a single stream generator, a very long stream generator. RC4 does not use a packet sequence number in the encryption method. Instead, the next sequence of bytes in the payload plaintext is used. In other words, the encryption / decryption of each byte depends on the position of the byte in the entire stream. RC4 generates a 256-byte S vector using a key of up to 256 bytes. This S vector sequentially encrypts each successive byte of the payload plaintext. The S vector algorithm uses two variables and the S vector is reordered after each byte is encrypted, so the value of each encrypted stream depends on the number of payload bytes already encrypted or decrypted. To do. Thus, the S vector evolves over time, making it impractical to resynchronize RC4.
[0008]
Once all of the payload plaintext bytes are encrypted, the ciphertext is assembled into packets, and a header and trailer are added to each packet for transmission. The problem occurs when a packet of data is lost during transmission. The destination knows that the packet has been lost (not yet received). This is because each header includes a sequence number. If the second packet does not arrive at the destination, the destination can decrypt the payload ciphertext bytes in the first packet. However, the destination cannot decrypt the received third packet. This is because the destination does not know how many payload ciphertext bytes have been transmitted in the missing second packet. Thus, the destination requests to request retransmission of all packets not received. This is not practical for real-time media streams. Since all the plaintext bytes are sequentially converted to ciphertext, the ciphertext bytes must be processed in the same order as decryption.
[0009]
The RC4 encryption method described above cannot provide a method for decrypting the next received packet if the packet is lost unrecoverably during transmission.
[0010]
(Wired Equivalence Privacy (WEP) method)
IEEE 802.11b uses the Wired Equivalent Privacy (WEP) method. The similarity between RC4 and WEP is that WEP uses RC4 by reinitializing the way each packet uses the sequence number as part of the key. The WEP encryption method is reinitialized by rekeying a new S vector with a new key (selecting a new key).
[0011]
To solve the problem generated using RC4, WEP uses RC4, where WEP uses a similarly incremented S-vector for each packet, whereas RC4 uses payload. For each byte, with the exception of using an incremented S vector. By generating a new S vector for each packet, the destination can decode each packet in any order received and under the condition that the packet is lost. In other words, WEP operates from the start to the end of one packet, whereas RC4 is from start to end for each payload stream, regardless of the number of packets transmitted for each payload stream. Operate. This makes WEP inefficient for small packets such as voice communications. This is because a new S vector needs to be calculated for each packet.
[0012]
While the problem of lost packets preventing decryption at the destination was solved, the process of re-entering and re-initializing the method for each packet has been shown to be computationally intensive and insecure. WEP has been shown to have safety drawbacks. “Using the Fluhler, Martin, and Shamir attack to break WEP” by Stubblefield et al.http: // www. cs. rice. edu / ~ astable / wep / wep attack. html
And “Weaknesses in the Key Scheduling Method of RC4”
http: // www. eyeapap. org / ~ rguerera / toronto2001 / rc4_ksaproc. pdf
Please refer to. Some PC cards reset the packet sequence number to zero each time they are initialized, and then increment once every use. While this method reduces processing time, this method, on the other hand, provides a high likelihood that the key stream is reused, leading to a simple cryptographic analysis attack on the ciphertext and decryption of the message traffic. If the hacker can break the encryption code of one packet, the hacker can decrypt all the packets. Another problem with WEP is that it requires a large amount of computation. The S vector loop requires 256 steps (for a 256 byte vector) and the S vector is recalculated for each packet.
[0013]
RC4 increments the S vector of each byte in the payload plaintext stream, reducing the computational complexity of the RC4 encryption method at the cost of being unable to recover immediately when a packet is lost in the network. WEP solves the problem by providing a computationally intensive and less secure encryption method, thus increasing the overhead time required to encrypt the plaintext stream and decrypt the ciphertext stream. .
[0014]
The encryption method described above cannot provide a way to efficiently encrypt the payload plaintext stream, but allows the received packet to be decrypted if the packet is lost during transmission. To do.
[0015]
For this reason, it does not increase the time required to encrypt the payload plaintext and to decrypt the payload ciphertext, and after the packet is lost or the packet (s) arrive out of order. There is a need for an efficient packet encryption method that has the ability to recover it.
[0016]
The present invention has been made in view of the above circumstances, reduces the calculation time for encrypting and decrypting continuous packets of plaintext data, and recovers even after a packet is lost or arrives out of order. It is an object of the present invention to provide an efficient packet encryption method having the ability to
[0017]
[Means for Solving the Problems]
(Resolution)
This efficient packet encryption method overcomes the problems outlined above and advances the technology by providing a method that does not recalculate the S-vector for each packet, thus encrypting the payload plaintext And reduce the time required to decrypt the payload ciphertext. This efficient packet encryption method further overcomes the problem of lost or out of order packets. This is done by providing a way to initialize two variables within the encryption method using the packet sequence number. The third and fourth variables are injected into the calculation to minimize the predictability of the values used in the encryption calculation and reduce the frequency with which the encrypted stream repeats.
[0018]
This efficient packet encryption method uses the standard RC4 method and generates an initial S vector using a secret key. Unlike WEP, which generates a new S vector for each successive packet, the S vector is generated once to encrypt the entire plaintext stream, and thus to generate a new S vector for each immediately following packet. Delete the required time.
[0019]
An efficient packet encryption method of the present invention is a method of encrypting at least one byte of plaintext to generate at least one byte of ciphertext, the method selecting a secret key, Generating an S vector according to an encryption method; and setting a sequence number, the sequence number having a first part and a second part, and a first of the sequence numbers Setting a first variable as a part; setting a second variable as the second part of the sequence number; setting a byte sequence number; the second variable and the byte sequence Calculating a third variable as a sum of the number, incrementing the byte sequence number by one, and adding the first variable to the first variable, Calculating a fourth variable by adding the values in the S vector indicated by the three variables, and identifying the encrypted byte, wherein the position of the encrypted byte in the S vector is: The encrypted byte is exclusively OR'ed with at least one byte of plaintext, indicated by the sum of the value in the S vector indicated by the third variable and the fourth variable. Generating at least one byte of ciphertext.
[0020]
In the method of the present invention, the step of setting a second variable includes the step of setting an exclusive OR between the second part of the sequence number and the value in the S vector indicated by the first variable. It is preferable to further include the step of taking.
[0021]
In the method of the present invention, the step of calculating the fourth variable includes the step of setting a value of a counter, and the first variable includes the third variable and the S vector in the S vector indicated by the counter. And adding the values in the S vector indicated by the values.
[0022]
The method of the present invention is also a method for encrypting one or more plaintext packets, wherein the one or more packets in plaintext have a plurality of plaintext bytes, the method comprising: Obtaining an S vector using the secret key; obtaining a sequence number having a first part and a second part for each successive one or more packets of plaintext; Using the first part of the sequence number to set a first variable and using the second part of the sequence number to set a second variable equal to zero Setting a byte sequence number; and calculating a next encrypted byte for each next byte of the plurality of plaintext bytes, wherein the calculating step sets the second variable to the byte sequence number. In Calculating a third variable; calculating a fourth variable by adding the first variable to a value in the S vector indicated by the third variable; The next encrypted byte in the S vector is added by adding the value in the S vector indicated by the third variable to the fourth variable that computes a pointer to identify the next encrypted byte. Including a step of specifying, a step of setting, the step of setting the second variable and the third variable equal, and the step of incrementing the byte sequence number by one.
[0023]
In the method of the present invention, the step of calculating the second variable includes the step of exclusive ORing the value in the S vector indicated by the first variable with the second part of the sequence number. It is preferable to include.
[0024]
In the above method of the present invention, for each next encrypted byte, the next encrypted byte is XORed with the next byte of the plurality of plaintext bytes at the transmitter to Preferably, the method further includes the step of calculating the ciphertext bytes.
[0025]
In the method of the present invention, at the receiver, for each next encrypted byte, the next encrypted byte is exclusive-ORed with the next ciphertext in each one or more packets of plaintext. Preferably further includes the step of calculating the next received plaintext byte.
[0026]
In the method of the present invention, the step of calculating the fourth variable includes the step of setting a counter, and the first variable is set to a value in the S vector indicated by the third variable and the counter. Further comprising calculating the fourth variable by adding and incrementing the value of the counter according to a predetermined schedule for each one or more subsequent packets of plaintext. preferable.
[0027]
In the method of the present invention, the step of setting a counter comprises resetting a rollover counter to zero for a first packet of one or more plaintext packets, Preferably, for a packet, if incrementing the sequence number causes the sequence number value to be converted from 1 to all 0s, the method further includes incrementing the rollover counter.
[0028]
Reordering the S vector for each next byte of the plurality of bytes in plain text, storing a copy of the S vector, the third variable, and Replacing a value in the S vector indicated by a value in the S vector indicated by a fourth variable, wherein the value in the S vector is replaced after the next encrypted byte is specified. Preferably, the method further comprises the steps of: restoring the stored S-vector for each one or more packets of plaintext.
[0029]
The method of the present invention is a method for converting one or more packets having a plurality of bytes of plaintext P into one or more packets having a plurality of ciphertext bytes C, the method comprising: Obtaining an S vector having a plurality of S vector bytes using the secret key; randomly setting a sequence number having a first part and a second part; For each successive one or more packets, incrementing the sequence number, j = setting the first variable j according to the first part of the sequence number, and i = the number of the sequence number Calculating a second variable i according to part 2 and calculating a next successive ciphertext byte C for each successive byte of the plurality of bytes of plaintext P, comprising: The step of calculating further calculates the first variable by j = j + S [i], sets the third variable k, and further calculates the second variable i by i = i + k. Identifying the next consecutive encrypted byte E in the S vector by E = S [S [i] + S [j]], and the next consecutive encrypted byte E, Converting C = E + P to the next continuous ciphertext byte C, and the last byte of the plurality of bytes of plaintext P is ciphertext for the next packet of the one or more packets If converted to byte C, transmitting the next consecutive packet of the one or more packets to a receiver.
[0030]
In the method of the present invention, the step of calculating the second variable includes the step of calculating a lower sequence number and a value in the S vector indicated by the first variable by i = (lower order of the sequence number) + S [j] It is preferable to further include the step of taking an exclusive OR.
[0031]
In the method of the present invention, the step of further calculating the first variable j includes:
Setting the counter r; further calculating the first variable j by j = j + S [i] + S [r]; and for each successive packet of one or more packets, the value of the counter r It is preferable that the method further includes a step of implementing.
[0032]
In the method of the present invention, the step of calculating the next consecutive encrypted byte E is a step of rearranging the S vector, the step of storing a copy of the S vector, and the first variable j. Including the step of replacing the plurality of S vector bytes indicated with the plurality of S vector bytes indicated by the second variable i, and the last byte of the plurality of bytes of the plaintext P is: When one or more of the packets are converted into a plurality of ciphertext bytes C, it is preferable to further include a step of restoring the stored S vector.
[0033]
The method of the present invention is a method for converting one or more packets having a plurality of bytes of plaintext P into one or more packets having a plurality of ciphertext bytes C, the method comprising: A step of calculating an S vector having a plurality of S vector bytes using the secret key, a step of randomly setting a sequence number having a high order or a low order, and each successive one or more Incrementing the sequence number and computing the next consecutive encrypted byte E for each successive byte of the plurality of bytes of plaintext P, where j = higher of the sequence number , Setting the first variable j, calculating the second variable i by i = (lower order of sequence number) + S [j], and counter r A step of further calculating the first variable by j = j + S [i] + S [r], a step of setting a third variable k, and the second variable by i = i + k Including incrementing the variable i; identifying the next consecutive encrypted byte E in the S vector by E = S [S [i] + S [j]]; Converting the continuous encrypted byte E of the next encrypted ciphertext byte C by C = E + P, and the last byte of the plurality of bytes of plaintext P is the next packet of one or more packets And, when converted to ciphertext byte C, transmitting the next consecutive packet of the one or more packets to a receiver.
[0034]
(Variable calculation)
The two variables i and j are used to generate an encrypted stream that is exclusive OR'd with each plaintext byte in the packet. New values for variables i and j are calculated for successive plaintext bytes in the packet. Unlike RC4, where variables i and j are initially set to zero and incremented with respect to the next plaintext byte in the payload, a starting sequence number is generated for the first packet after the initial S vector is generated. The The first part of the sequence number represents the variable j and the second part of the sequence number is used to calculate the variable i.
[0035]
In one embodiment, the variable i is calculated by taking the second part of the sequence number as an exclusive OR with the value of S [j]. Here, S [j] is derived from the S vector. Injecting the third variable S [j] into the calculation process of the starting value of the variable i thus makes the present efficient packet encryption method more secure against known plaintext attacks. New starting values for variables i and j are calculated for each immediately following packet. Using the sequence number to generate the encrypted stream provides a way to decrypt the packet at the destination, regardless of the order in which the packets are received. This further provides a way to decrypt the next packet received after the packet is lost, thus reducing the time to encrypt, transmit and decrypt plaintext consecutive packets.
[0036]
(Continuous encryption and ciphertext byte calculation)
If the next consecutive byte in the packet is not encrypted, the variables i and j are recalculated for each consecutive byte in the packet. The second variable i is recalculated as the sum of the second variable i from the previous iteration and the fourth variable k. Here, k is a byte sequence number in the packet payload. At the start of each packet, k is reset and k is incremented for each successive byte of plaintext in the packet. The fourth variable k is used to calculate the second variable i, and when this efficient packet encryption method is used to encrypt a large plaintext payload, Reduce the likelihood that parts of the same encrypted stream will be used. The first variable j is recalculated as the sum of the first variables by adding the third variables S [i] and s [j] to the previous iteration, respectively. Here, S [i] and s [j] are derived from the S vector.
[0037]
Injecting S [r] into the encryption method generates an encrypted stream, where the encrypted stream does not repeat over a long sequence of packets. Without including S [r], the encrypted stream repeats approximately every 11 minutes with 100 packets per second. Injecting S [r] into the computation produces an encrypted stream that repeats every 46 hours, thus making the efficient packet encryption method more secure.
[0038]
In another embodiment, the S vector is reordered while each successive packet is encrypted. In this embodiment, the S vector is calculated first and a copy of the S vector is saved. For each successive byte of encrypted plaintext, the values in the S vector indicated by the first variable j and the second variable i are swapped.
For each successive byte of plaintext, the S vector is reordered over time by swapping the values in the S vector, so the encrypted stream generated for a long plaintext payload is repeated in the packet. The probability of doing is low. If all plaintext bytes in a packet are encrypted, the initial S vector is restored for use in encrypting and decrypting the next packet.
[0039]
(First encryption and ciphertext byte calculation)
The first byte of the encrypted stream is derived from the S vector using the equation E = [S [i] + S [j]]. The position in the S vector, indicated by the sum of S [i] and S [j], contains the next byte of the encrypted stream. At the transmitter, the next byte of the encrypted stream is used to calculate the next byte of the encrypted stream. The next byte in the encrypted stream is XORed with the next plaintext byte in the packet payload.
[0040]
At the receiver, the next received ciphertext byte is decrypted by exclusive ORing the next received ciphertext byte with the next calculated ciphertext byte to recover the next plaintext byte. To do. The next step in this efficient packet encryption method is to determine whether the last plaintext in the first packet payload is encrypted.
[0041]
When all consecutive plaintext bytes in the next packet have been encrypted, the packet sequence number is incremented and the method returns to the starting point and takes the new values for variables i and j from the next consecutive packet sequence number. calculate. The first generated S vector is used for all successive packets.
[0042]
The first advantage of this efficient packet encryption method is that the processing time for each packet is reduced. Using the same S vector for consecutive packets reduces the processing time for each packet for encrypting the plaintext stream or decrypting the ciphertext stream, and this efficient packet encryption method is the same as the above-mentioned WEP method. More efficient than conventional encryption methods. A second advantage of this efficient packet encryption method is that it does not suffer from the same attacks that make WEP insecure.
[0043]
A third advantage of this efficient packet encryption method is that it is designed to easily resynchronize in situations where packets are received in a lost and / or out of order. This efficient packet encryption method uses each packet sequence number to select initial values for variables i and j and increments the packet sequence number of successive packets. RC4 does not use a sequence number, so the receiver must count bytes from the beginning of the cipher stream.
[0044]
Initializing variable i and variable j with the sequence number makes the next value predictable. Injecting the third variable S [j] makes the efficient packet encryption method more efficient when the calculation of the initial value of the variable i eliminates the predictability of determining the values of the variables i and j. Make it safe. Injecting S [r] into the computation generates an encrypted stream that the packet encryption stream does not repeat frequently and provides additional protection against hackers. Similarly, the byte sequence number k is injected to reduce the likelihood that a fragment of the encrypted stream will repeat somewhere over a long sequence.
[0045]
(Detailed explanation)
The efficient packet encryption method defined above and by the appended claims can be better understood with reference to the following detailed description that should be read in conjunction with the accompanying drawings. This detailed description of the preferred embodiments is not intended to limit the recited claims, but is used as a specific illustration thereof. Moreover, the terminology and terminology used herein is used for the purpose of explanation and not for the purpose of limitation.
[0046]
In both wired and wireless packet switching, payload plaintext packets are transmitted from the source to the destination over the network. Packets are assembled and disassembled into individual packets of payload data by a packet assembler / disassembler. Each packet has a uniquely determined identification number, or sequence number, and each packet includes three basic elements: a header, a payload, and optionally a trailer. The header includes control information such as a sequence number, a synchronization bit, a destination address, a source address, and a packet length. The payload is the plaintext to be transmitted and the trailer includes the end of the packet flag and error detection and error correction bits.
[0047]
DETAILED DESCRIPTION OF THE INVENTION
(Packet exchange-Fig. 1)
With reference to FIG. 1, for transmission over a packet switched network 100, a single message, or data stream 110, is broken up into "packets". Each packet 112, 114, 116 and 118, denoted 1 to 4 respectively, travels to a destination through nodes 120, 122, 124, 126, 128 and 130 that are available via the network 100, with bandwidth When it becomes available for transmission, it is transmitted from node to node. At destination node 130, packets 112, 114, 116 and 118 are reassembled into the original continuous message or stream. Because packets travel through the network 100 following different routes, the packets often arrive at the destination 130 out of order. Other packets can be lost in the network. Additional processing time is required at the destination to request transmission of the lost packet and reassemble the packet into the original continuous message. In many cases, retransmission of lost packets cannot be achieved in a timely manner. Therefore, lost packets cannot be recovered.
[0048]
The main feature of packet switching is the way in which transmission links are shared as needed. Each packet is transmitted as soon as the appropriate link is available, and no link is held by a source that has nothing to send. After the source node 120 transmits the first packet 112, this source node must follow the same process to send the remaining packets. Each packet may travel a different route between the source node 120 and the destination node 130, and each packet has a sequence number. In this embodiment, sequence numbers 1-4 are used at the destination node 130 to reassemble the packet into the original continuous message 110. For example, the first packet 112 moves from the source node 120 to the first node 122. The second packet 114 leaves the source node 120 and moves to the first node 122, while the first packet 112 moves to the destination node 130 and arrives first at the destination node 130, in order. arrive. As the third packet 116 moves from the first node 122 to the destination node 130, the third packet 116 leaves the source node 120 and moves to the third node 126. The last packet 118 moves from the source node 120 to the first node 122, while the third packet 116 moves to the destination node 130. Since the route 116 of the third packet 116 has a longer propagation time than the last packet 118, the last packet 118 and the third packet 116 are in a disordered order at the destination node 130. You can arrive.
[0049]
Similarly, if another node on the network transmits an out-of-order packet, this packet may collide with one of the packets transmitted by the source node 120, resulting in a lost packet. Accordingly, destination node 130 receives three of the four packets. When the processor reassembles the packet at the destination node 130, the processor understands that the packet is missing. Using the RC4 and WEP encryption methods described above, the destination node 130 cannot decrypt packets received out of order or any packets received after a lost packet.
[0050]
Encryption schemes fall into two general categories. That is, a symmetric encryption method and an asymmetric encryption method. For example, in a symmetric encryption scheme belonging to Data Encryption Standard (DES), the sender encrypts data (ie, converts plaintext to ciphertext) and the receiver decrypts the same data. The same key is used (ie to convert the ciphertext to the original plaintext). This efficient packet encryption method is symmetric.
[0051]
(Generation of S vector)
The efficient packet encryption method uses a standard RC4 method to generate a starting S vector. With reference to FIG. 2, the transmitter and receiver agree that a secret key is used to encrypt / decrypt the plaintext in block 210. The transmitter may randomly generate a secret key and transmit the secret key to the receiver in the first packet header, or the two devices will use a specific key during call set-up You can agree. For purposes of illustration, the present efficient encryption method is described and illustrated including 256 component vectors, although other length vectors may be substituted.
[0052]
At block 220, the secret key is repeated, and if necessary, 256 constituent K vectors are sequentially filled with secret key bytes. The value of each byte in the K vector of 256 components is less than 256. At block 230, the 256 component S vectors are initialized so that S [i] = i for all i between 0 and 255. Using the standard RC4 method, at block 240, the initial S vector is scrambled with the K vector. Modulo 256 is performed for all arithmetic operations.
[0053]
Step 1
Receive a secret key and generate a K vector using this secret key
Initialize S vector according to standard encryption method
However, S [i] = i is satisfied for all 0 ≦ i <255.
Scramble the initial S vector using the K vector
Where j = 0
Because i = 0 to 255
j = j + S [i] + K [i]
Swap S [i] and S [j]
Here, the values of S [i], S [j] and K [i] are derived from the S vector and the K vector. After the initial S vector is generated, a variable for encrypting the plaintext packet is calculated.
[0054]
(Calculation of variables-Fig. 3)
The variables used to encrypt the packet plaintext are i and j. Unlike RC4, where i and j are initially set to zero and incremented for the next byte of plaintext in the plaintext stream in the encryption computation, or RC4 is reinitialized at the start of each packet, An efficient packet encryption method starts an encryption process for each packet using a sequence number. The initial sequence number may be a randomly generated sequence number. The sequence number is incremented and the next sequence number is used to encrypt each next packet. Referring to the flowchart in FIG. 2, the rollover counter r is initially reset to zero in block 310 and an initial sequence number is randomly generated in block 320 for the first packet.
[0055]
Step 2
Set initial sequence number (increment sequence number of consecutive packets)
Set initial rollover counter r = 0
(If sequence number = 0, increment r and modulo 256)
Reset byte sequence number k = 0
The value of the rollover counter r is used when calculating a variable j used for generating the encrypted stream. Similarly, in order to avoid using the same encryption sequence between packets, the byte sequence number k is used to calculate the variable i used in generating the encrypted stream.
[0056]
The sequence number includes at least two bytes, the lower byte and the next byte. If the sequence number contains more than two bytes, the excess higher part is used as the rollover counter r (modulo 256). Variable j is initialized to be equal to the high order byte of the sequence number in block 330. The variable i is calculated at block 330 such that the lower byte of the sequence number is exclusive ORed with S [j].
[0057]
Step 3
Set variables i and j
j = high sequence number
i = (lower sequence number) + S [j}
Here, S [j] is derived from the previously generated S vector. Using sequence numbers to set initial values for variables i and j provides a way to reassemble or synchronize the decoding of packets at the receiver, regardless of the order in which the packets were received.
[0058]
Using only the sequence number in plaintext packet encryption makes the next values of the variables i and j predictable, so the encryption method is not secure. Using a known plaintext attack, once several packets are successfully decoded, the attacker can derive information about the components of the S vector. Once sufficient information about the S vector component is derived using this attack, the remaining S vectors can be determined and the ciphertext can be decrypted. Injecting the variable S [j] into the initial value calculation of the variable i in block 330 reduces the predictability of the variable i. This is because the value of S [j] is derived from the S vector. Therefore, certain known plaintext attacks on the S vector are prevented. The exclusive OR of the lower sequence number with S [j] ensures that any relation obtained from a known plaintext attack is non-linear. Thus, this efficient packet encryption method is safer against known plaintext attacks.
[0059]
(Continuous packet variable calculation)
To further increase the security of this efficient packet encryption method, variables i and j are further computed at block 340 using a second computation for each next byte of plaintext.
[0060]
Step 4
i = i + k
Using j = j + S [i] + S [r]
Compute variables i and j
Where r is the value of the rollover counter, S [i] and S [r] are derived from the S vector, and k is the byte sequence number in the packet. As described above, in one embodiment, the rollover counter is set to zero at block 320 when the encryption method is initialized. In this embodiment, the rollover counter is incremented, and all 1's are incremented to 0 in the sequence number. When the encryption method is initialized, the sequence number can be replaced with a rollover counter and incremented as described above with respect to incrementing the rollover counter.
[0061]
In one embodiment, the second variable i is recalculated as the sum of the second variable from the previous iteration and the fourth variable k. Here, k is a packet payload byte sequence number. At the start of each packet, k is reset and k is incremented for each successive byte of plaintext in the packet. The fourth variable k is used when calculating the second variable i, and if this efficient packet encryption method is used, the portion of the encrypted stream may be reused in different packets. Reduce. The first variable j is recalculated as the sum of the first variable, the third variable S [i] and the fourth variable S [r] from the previous iteration. Here, S [i] and S [r] are derived from the S vector. The second variable i is only incremented by 1 for each next plaintext byte in the packet, whereas the portion of the encrypted stream used for one packet is for any other packet To be reused. Thus, recalculating the plaintext continuous byte variable i in the packet using the byte sequence number would result in 2 repetitions of the payload.²⁵⁶Prevents repetition of sub-byte payloads, thus adding additional security to this efficient packet encryption method.
[0062]
For the next packet, if necessary, in block 340, S [r] is injected into the encryption calculation, and in block 320, incrementing the value of r reduces the frequency with which the encrypted stream repeats. To do. Encrypting 100 packets per second without using S [r] when calculating the continuous j variable causes the encrypted stream to repeat every 11 minutes. S [r] is injected into the calculation of the variable j for each byte in the packet, and if necessary, r is incremented for each subsequent packet, and the encrypted stream repeats approximately every 46 hours. Thus, injecting a further rollover counter variable r into the efficient packet encryption method provides additional security against hackers.
[0063]
While the calculation of variables i and j has been described using a variable r obtained directly from a rollover counter or sequence number, other methods of setting the r value can be substituted. Other known methods for generating r values include randomly selecting a starting r value and delivering the r value as part of the header, or the value of r can be derived from protocols other than RTP. Similarly, an alternative method of updating the counter can be replaced by incrementing the counter if the sequence number increments from a series of all 1s to a series of all 0s. Using the variables i and j generated at block 340, an encrypted byte is calculated at block 350.
[0064]
(First encryption and ciphertext byte calculation)
The first byte of the encrypted stream is calculated at block 350 using the values of variables i and j calculated in the previous step 4.
[0065]
Step 5
Calculate the next byte in the packet encrypted stream using E [k] = S [S [i] + S [j]]
Here, the binary values of S [i] and S [j] are derived from the S vector. The position in the S vector, indicated by the sum of S [i] and S [j], contains the next byte of the encrypted stream. Using the next byte of the encrypted stream, the next byte of the encrypted stream is calculated at block 360.
[0066]
In an alternative embodiment, the S vector is reordered or scrambled at block 380 while encryption of each successive packet is performed. In this embodiment, a copy of the S vector is saved before encrypting the plaintext first byte in the packet. For each successive byte of plaintext, the values in the S vector indicated by the first variable j and the second variable i are swapped. By swapping the values in the S vector of each successive byte of plaintext, the S vector is reordered over time, and the probability that the encrypted stream generated for a long plaintext payload will repeat in the packet is low. If all the plaintext bytes in a packet are encrypted, the initial S vector is restored for use in encrypting or decrypting the next packet.
[0067]
Both the transmitter and the receiver generate the same encrypted stream according to steps 1-5. At the transmitter, the encrypted stream is used to generate a ciphertext stream. At the receiver, a stream of ciphertext is received and the encrypted stream is used to decrypt the ciphertext and recover the plaintext.
[0068]
Step 6
Transmitter: C [k] = E + P [k] where P [k] = kull byte of plaintext is used to calculate the next byte ciphertext stream
Receiver: P [k] = E + C [k]
Is used to compute the next byte plaintext stream
Here, P [k] is the next byte of plaintext in the packet payload. In step 4, at the transmitter, the next byte in the encrypted stream is XORed with the next plaintext byte in the packet payload to generate the next byte ciphertext.
[0069]
Step 7
Increment byte sequence
k = k + 1
After the next byte of plaintext is converted to ciphertext at block 360, the byte sequence k is incremented by one at block 390. The next step in the present efficient packet encryption method is to determine at block 370 whether the last plaintext byte in the first packet payload has been encrypted. If the next plaintext byte in the packet payload is not encrypted, the method repeats steps 3 through 6 for each successive byte of the payload. Once all bytes in the payload plaintext stream have been encrypted / decrypted, the method returns to step 2 for the next packet.
[0070]
The S vectors generated in blocks 230 and 240 are used in blocks 330-350 to calculate all variables for each plaintext payload to be transmitted. Unlike WEP, where the S vector is recalculated for each packet, in this efficient packet encryption method, the S vector is not reinitialized for the current stream of payload plaintext. If any permutation of the S vector component is incremented, this S vector cannot be restored. The S vector is not recalculated until the transmitter is ready to send a new stream of payload plaintext.
[0071]
This efficient packet encryption method reduces the computation time for encrypting and decrypting continuous packets of plaintext data. S vectors are generated and used to encrypt continuous plaintext packets, thus reducing the per-packet encryption / decryption time. The formula for encrypting consecutive packets involves the use of a packet sequence number with a third variable injected to eliminate the predictability of the variable, thus making this efficient packet encryption method more secure To. The fourth variable is injected into the calculation and generates an encrypted stream that is not frequently repeated, providing additional security against hackers. In order to encrypt packets with long plaintext payloads, packet byte sequence numbers are used to generate an encrypted stream with a low probability of repetition within a particular packet.
[0072]
Utilizing this efficient packet encryption method further increases the level of security while reducing the computation time for successful transmission of the entire stream of payload plaintext. Eliminating per-packet recalculation eliminates the computational step of generating a new S vector for each packet.
[0073]
Using this efficient packet encryption method does not sacrifice security to save time. Instead, a further variable, variable i, is injected into the calculation process to improve security. Similarly, including a counter used to calculate the variable j further improves the security of the efficient packet encryption method by generating an encrypted stream with a low iteration frequency.
[0074]
With respect to alternative embodiments, those skilled in the art will appreciate that this efficient packet encryption method can be generated using various methods for generating an initial sequence number and an initial value for variable r. Although this efficient packet encryption method has been described and illustrated to generate a first random sequence number and set the rollover counter r to zero, alternative methods may be used. Similarly, although preset efficient packet encryption methods have been illustrated and described using 256 component vectors, those skilled in the art will appreciate that vectors having alternative numbers of components can be substituted.
[0075]
Clearly, an efficient packet encryption method has been described that fully satisfies the objectives, goals and advantages described above. While efficient packet encryption methods have been described in connection with specific embodiments thereof, multiple alternatives, modifications and / or variations can be devised by those skilled in the art in light of the above description. Accordingly, the description is intended to embrace all such alternatives, modifications, and variations that fall within the spirit and scope of the appended claims.
[0076]
【The invention's effect】
As described above, the efficient packet encryption method of the present invention includes a step of selecting a secret key, generating an S vector according to a standard encryption method, and a step of setting a sequence number, The sequence number has a first portion and a second portion, a step of setting a first variable as the first portion of the sequence number, and a second portion of the sequence number as the second portion. A step of setting a variable of 2, a step of setting a byte sequence number, a step of calculating a third variable as a sum of the second variable and the byte sequence number, and one byte sequence number An incrementing step and a step of calculating a fourth variable by adding a value in the S vector indicated by the third variable to the first variable. Identifying an encrypted byte, wherein the position of the encrypted byte in the S vector is the sum of the third variable and the value in the S vector indicated by the fourth variable Wherein the encrypted bytes are XOR'ed with at least one byte of plaintext to generate at least one byte of ciphertext, whereby the present application The ability to recover the packet after it has been lost or the packet or packets arrive out of order, without increasing the time required to encrypt and decrypt the payload ciphertext It is possible to provide an efficient packet encryption method.
[Brief description of the drawings]
FIG. 1 shows a sequence of payload plaintext for transmission over a packet switched network.
FIG. 2 shows a flowchart of a prior art RC4 method for generating a standard S vector.
FIG. 3 shows a flowchart of the efficient packet encryption method.

Claims (15)

A packet encryption method for generating at least one byte of ciphertext by encrypting at least one byte of plaintext, comprising:
The packet encryption method is:
And step processor by selecting a secret key, to generate the S-vector according to the RC4 encryption method,
Said processor comprising: setting a sequence number, the sequence number includes a first portion and a second portion, comprising the steps,
A step of the processor sets the first variable as the first portion of the sequence number,
A step of the processor sets the second variable as second portion of the sequence number,
A step of the processor sets the byte sequence number,
Said processor calculating a third variable as the sum of the second variable and the byte sequence number,
Said processor incrementing one said byte sequence number,
A step the processor is to calculate the said first variable, by adding the values in the S vector represented by the variables of the third predetermined number modulo the fourth variable,
Said processor, comprising the steps of identifying the encrypted byte position of dark Goka byte within the S-vector is indicated by the value and the fourth variable in the S vector represented by the third variable as indicated by the sum of the values in the S vector, the steps,
The processor, by taking the exclusive OR of the at least one byte of dark Goka bytes and plaintext, comprising the steps of generating at least one byte of dark ciphertext, packet encryption method. Step of setting the second variable,
Wherein the processor, wherein comprises the step of taking the exclusive OR of the value in the S vector the a second portion represented by the first variable, packet encryption of claim 1 of the sequence number Method. Calculating a fourth variable,
Wherein the processor, and setting a value for the counter,
Said processor further comprises the step of summing the values within the S-vector indicated by the value and the counter in the S vector represented by the first variable and the third variable, claim 1 Packet encryption method described in 1. A packet encryption method for encrypting one or more plaintext packets, the one or more plaintext packets having a plurality of plaintext bytes,
The packet encryption method is:
And step processor, to retrieve the secret key,
Said processor generating a S-vector using the secret key,
For each successive one or more packets of the plaintext,
Said processor includes the steps of acquiring a sequence number having a first portion and a second portion,
A step of the processor, using the first portion of the sequence number, sets the first variable,
A step of the processor, using the second portion of the sequence number, sets the second variable,
A step of the processor sets the byte sequence number to be equal to zero,
It said processor, for each next byte of the plurality of bytes of plaintext, calculating a next encryption byte
Including
The calculating step includes:
By the processor adds the second variable and the byte sequence number a predetermined number modulo the steps of generating a third variable,
A step the processor is to calculate the said first variable, by adding the values in the S vector represented by the variables of the third modulo said predetermined number, the fourth variable,
The processor calculates a pointer identifying the next encrypted byte by adding the value in the S vector indicated by the third variable and the fourth variable modulo the predetermined number by, identifying the encrypted bytes said next in the S vector,
A step of the processor sets the second variable to be equal to the third variable,
Said processor includes incrementing one said byte sequence number, a packet encryption method. Step of setting the second variable,
Wherein the processor, wherein the second portion the indicated by the first variable comprising the step of taking the exclusive OR of the values in the S-vector, packet encryption of claim 4 of the sequence number Method. For each next encrypted byte, the processor obtains the next ciphertext byte by performing an exclusive OR operation between the next encrypted byte and the next byte of the plurality of plaintext bytes. The packet encryption method according to claim 4, further comprising the step of calculating. The processor receives for each next encrypted byte an exclusive OR of the next encrypted byte and the next ciphertext byte in each one or more packets of the plaintext. 5. The packet encryption method of claim 4, further comprising the step of calculating the next plaintext byte. Calculating a fourth variable,
Wherein the processor, and setting a counter,
The processor calculates the fourth variable by adding the first variable and the value in the S vector indicated by the third variable and the counter modulo the predetermined number. Steps ,
5. The packet encryption method according to claim 4, further comprising the step of incrementing the value of the counter according to a predetermined schedule for each one or more next packets of the plaintext. . The step of setting the counter includes
Wherein the processor is for the first packet of the one or more packets of the plaintext, and resetting the rollover counter to zero,
Said processor, for each next one or more packets of plaintext, incrementing the sequence number increments the rollover counter when transitioning to the all 0 the value of the sequence number from the all-1 The packet encryption method according to claim 8, comprising the steps of : Wherein the processor, for each next byte of the plurality of bytes of the plaintext, the a changing step arranges the S-vector,
The reordering step includes:
A step the processor is to save a copy of the S-vector,
Said processor, comprising the steps of replacing the values in the S vector indicated by the value and the fourth variable in the S vector represented by the third variable, the value within the S-vector, the is replaced after identifying the next encryption byte, including the steps, the steps,
It said processor, for each next one or more packets of plaintext, further comprising, a packet encryption method according to claim 4 and restoring the saved S-vector. A packet encryption method for converting one or more packets having a plurality of plaintext P bytes into one or more packets having a plurality of ciphertext bytes C,
The packet encryption method is:
And step processor, to retrieve the secret key,
A step of the processor, using the private key, to calculate the S-vector having a plurality of S-vector bytes,
A step of the processor sets a sequence number having a first portion and a second portion at random,
Said processor, for each successive one or more packets, incrementing the sequence number,
The processor, j = according (a first portion of the sequence number), and setting a first variable j,
Said processor, i = according (second part of the sequence number), calculating a second variable i,
Said processor, for each successive byte of the plurality of bytes of plaintext P, and calculating the next successive ciphertext byte C,
The calculating step includes:
A step wherein the processor according to j = j + S [i] , that further calculating the first variable,
A step of the processor sets the third variable k,
A step the processor is in accordance with i = i + k, which further calculates a second variable i,
The processor, according to E = S [S [i] + S [j]], identifying successive encryption byte E in said next in the S vector,
The processor has C = E

According P, comprising the steps of converting a continuous encryption byte E of this next to the next successive ciphertext byte C, a step,
If the processor converts the last byte of the plurality of bytes of the plaintext P to ciphertext byte C for the next packet of the one or more packets, the processor the following includes a step of transmitting to the receiver a continuous packet, the packet encryption method of the above packets. Calculating a second variable i,
The processor is: i = (subordinate to the sequence number)

The packet encryption method according to claim 11, comprising the step of taking an exclusive OR of the lower sequence number and a value in the S vector indicated by a first variable according to S [j]. The step of further calculating the first variable j includes:
A step wherein the processor is to set the counter r,
A step the processor is further to calculate the j = j + S [i] + according S [r], the first variable j,
It said processor, for each successive packet of the one or more packets, comprising a step of incrementing the value of the counter r, packet encryption method according to claim 11. Calculating said next successive encryption byte E is
It said processor, comprising the steps of: rearranging the S vector,
The reordering step includes:
Said processor and storing a copy of the S-vector,
The processor comprises a byte of the plurality of S-vector bytes indicated by the first variable j, the step of replacing a byte of the plurality of S-vector bytes indicated by said second variable i Including, steps ,
When the last byte of the plurality of bytes of the plaintext P is converted into the plurality of ciphertext bytes C for the next one or more packets, the processor restores the stored S vector further comprising, a packet encryption method of claim 11, comprising the steps of. A packet encryption method for converting one or more packets having a plurality of plaintext P bytes into one or more packets having a plurality of ciphertext bytes C,
The packet encryption method is:
And step processor, to retrieve the secret key,
A step of the processor, using the private key, to calculate the S-vector having a plurality of S-vector bytes,
A step of the processor sets a sequence number having a high and a low order randomly,
Said processor, for each successive one or more packets, steps and the processor for incrementing the sequence number for each successive byte of the plurality of bytes of plaintext P, the next successive and calculating the encryption byte E,
The calculating step includes:
The processor, j = according (high of the sequence number), and setting a first variable j,
When the processor: i = (subordinate to the sequence number)

According S [j], calculating a second variable i,
A step of the processor sets a counter r,
The processor according to j = j + S [i] + S [r], the steps of further calculating a first variable,
A step of the processor sets the third variable k,
A step the processor is in accordance with i = i + k, for incrementing the second variable i,
The processor, according to E = S [S [i] + S [j]], identifying successive encryption byte E in said next in the S vector,
The processor has C = E

According P, comprising the steps of converting a continuous encryption byte E of this next to the next successive ciphertext byte C, a step,
If the processor converts the last byte of the plurality of bytes of the plaintext P to ciphertext byte C for the next packet of the one or more packets, the processor the following includes a step of transmitting to the receiver a continuous packet, the packet encryption method of the above packets.

Images